From 902b15b24d6ea2a1e255b88dff7670e8a95cb9a9 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Sun, 29 May 2022 02:01:19 +0200 Subject: gnu: Replace (almost) all uses of /run/setuid-programs. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit …those good for master, anyway. * gnu/packages/admin.scm (ktsuss, opendoas, hosts) [arguments]: Replace /run/setuid-programs with /run/privileged/bin. * gnu/packages/containers.scm (slirp4netns)[arguments]: Likewise. * gnu/packages/debian.scm (pbuilder)[arguments]: Likewise. * gnu/packages/disk.scm (udevil)[arguments]: Likewise. * gnu/packages/enlightenment.scm (efl, enlightenment) [arguments]: Likewise. * gnu/packages/gnome.scm (gdm, gnome-control-center) [arguments]: Likewise. * gnu/packages/linux.scm (singularity)[arguments]: Likewise. * gnu/packages/lxde.scm (spacefm)[arguments]: Likewise. * gnu/packages/monitoring.scm (zabbix-agentd)[arguments]: Likewise. * gnu/packages/virtualization.scm (ganeti)[arguments]: Likewise. * gnu/packages/xdisorg.scm (xsecurelock)[arguments]: Likewise. * gnu/services/dbus.scm (dbus-configuration-directory): Likewise. * gnu/services/ganeti.scm (%default-ganeti-environment-variables): Likewise. * gnu/services/monitoring.scm (zabbix-agent-shepherd-service): Likewise. * gnu/tests/ldap.scm (marionette): Likewise. * gnu/tests/monitoring.scm (os): Likewise. --- gnu/packages/admin.scm | 6 +++--- gnu/packages/containers.scm | 2 +- gnu/packages/debian.scm | 4 ++-- gnu/packages/disk.scm | 14 +++++++------- gnu/packages/enlightenment.scm | 10 +++++----- gnu/packages/gnome.scm | 2 +- gnu/packages/linux.scm | 2 +- gnu/packages/lxde.scm | 19 ++++++++----------- gnu/packages/monitoring.scm | 2 +- gnu/packages/virtualization.scm | 2 +- gnu/packages/xdisorg.scm | 2 +- 11 files changed, 31 insertions(+), 34 deletions(-) (limited to 'gnu/packages') diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index 377f7ec86f..db01152e0a 100644 
--- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -220,7 +220,7 @@ (lambda _ (substitute* "configure.ac" (("supath=`which su 2>/dev/null`") - "supath=/run/setuid-programs/su")) + "supath=/run/privileged/bin/su")) #t))))) (native-inputs (list autoconf automake libtool pkg-config)) @@ -2156,7 +2156,7 @@ commands and their arguments.") (substitute* "doas.c" (("safepath =" match) (string-append match " \"" - "/run/setuid-programs:" + "/run/privileged/bin:" "/run/current-system/profile/bin:" "/run/current-system/profile/sbin:" "\" "))))) @@ -5090,7 +5090,7 @@ text table representation to stdout.") ":" (assoc-ref %build-inputs "grep") "/bin" ":" (assoc-ref %build-inputs "ncurses") "/bin" ":" (assoc-ref %build-inputs "sed") "/bin" - ":" "/run/setuid-programs" + ":" "/run/privileged/bin" ":" (getenv "PATH"))) (substitute* "hosts" (("#!/usr/bin/env bash") diff --git a/gnu/packages/containers.scm b/gnu/packages/containers.scm index b651e5d4e2..f89c52055a 100644 --- a/gnu/packages/containers.scm +++ b/gnu/packages/containers.scm @@ -274,7 +274,7 @@ containers or various tools.") (add-after 'unpack 'fix-hardcoded-paths (lambda _ (substitute* (find-files "tests" "\\.sh") - (("ping") "/run/setuid-programs/ping"))))))) + (("ping") "/run/privileged/bin/ping"))))))) (inputs (list glib libcap diff --git a/gnu/packages/debian.scm b/gnu/packages/debian.scm index 415c1d515d..6f7b809fd2 100644 --- a/gnu/packages/debian.scm +++ b/gnu/packages/debian.scm @@ -725,8 +725,8 @@ handling the installation and removal of Debian software packages.") (lambda () (format #t "# A couple of presets to make this work more smoothly.~@ MIRRORSITE=\"http://deb.debian.org/debian\"~@ - if [ -r /run/setuid-programs/sudo ]; then~@ - PBUILDERROOTCMD=\"/run/setuid-programs/sudo -E\"~@ + if [ -r /run/privileged/bin/sudo ]; then~@ + PBUILDERROOTCMD=\"/run/privileged/bin/sudo -E\"~@ fi~@ PBUILDERSATISFYDEPENDSCMD=\"~a/lib/pbuilder/pbuilder-satisfydepends-apt\"~%" #$output))))) 
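Review bot: The new `supath=/run/privileged/bin/su` in the ktsuss `configure.ac` substitution is hard-coded with no fallback, so the built package only finds `su` on a system whose running generation populates `/run/privileged/bin`. Nothing visible in this patch says whether the old directory stays available during the transition. The same applies to the opendoas `safepath` and hosts `PATH` hunks in this file, and to the pbuilder, udevil, spacefm and xsecurelock hunks further down. There a missing helper means a failed privilege elevation or, for the search paths, presumably a fall-through to the non-privileged copy under `/run/current-system/profile/bin`. I would record the requirement next to the substitution, for example `;; Needs a system generation that provides /run/privileged/bin (formerly /run/setuid-programs).`; the enclosing phase starts outside the hunk.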
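Review bot: The pattern `"ping"` in the slirp4netns `fix-hardcoded-paths` phase is an unanchored regexp, so it rewrites every occurrence of those four letters in the `tests/*.sh` files, including inside a longer word or an already absolute path, not only the command invocation. The scripts are not visible here, so whether that happens today is unverified. Either tighten the pattern to the command position or state the assumption in the phase, e.g. `;; Assumes "ping" only ever appears as the command name in tests/*.sh.`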
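Review bot: The generated pbuilder preset guards on `[ -r /run/privileged/bin/sudo ]`, which tests that the file is readable rather than executable by the calling user. For a command that is about to become `PBUILDERROOTCMD`, `-x` is the matching test: `if [ -x /run/privileged/bin/sudo ]; then~@`. The `-E` passed to sudo carries the caller's environment into the root command, so a one-line comment in the preset saying that this is intended would help whoever audits the file later. The enclosing phase starts outside the hunk.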
diff --git a/gnu/packages/disk.scm b/gnu/packages/disk.scm index ee76647475..d45da82276 100644 --- a/gnu/packages/disk.scm +++ b/gnu/packages/disk.scm @@ -212,10 +212,10 @@ and write-back caching.") ;; udevil expects these programs to be run with uid set as root. ;; user has to manually add these programs to setuid-programs. ;; mount and umount are default setuid-programs in guix system. - "--with-mount-prog=/run/setuid-programs/mount" - "--with-umount-prog=/run/setuid-programs/umount" - "--with-losetup-prog=/run/setuid-programs/losetup" - "--with-setfacl-prog=/run/setuid-programs/setfacl") + "--with-mount-prog=/run/privileged/bin/mount" + "--with-umount-prog=/run/privileged/bin/umount" + "--with-losetup-prog=/run/privileged/bin/losetup" + "--with-setfacl-prog=/run/privileged/bin/setfacl") #:phases (modify-phases %standard-phases (add-after 'unpack 'remove-root-reference @@ -226,12 +226,12 @@ and write-back caching.") (add-after 'unpack 'patch-udevil-reference ;; udevil expects itself to be run with uid set as root. ;; devmon also expects udevil to be run with uid set as root. - ;; user has to manually add udevil to setuid-programs. + ;; user has to manually add udevil to privileged-programs. (lambda _ (substitute* "src/udevil.c" - (("/usr/bin/udevil") "/run/setuid-programs/udevil")) + (("/usr/bin/udevil") "/run/privileged/bin/udevil")) (substitute* "src/devmon" - (("`which udevil 2>/dev/null`") "/run/setuid-programs/udevil")) + (("`which udevil 2>/dev/null`") "/run/privileged/bin/udevil")) #t))))) (native-inputs (list intltool pkg-config)) diff --git a/gnu/packages/enlightenment.scm b/gnu/packages/enlightenment.scm index 7860c43fef..cf9fe93b27 100644 --- a/gnu/packages/enlightenment.scm +++ b/gnu/packages/enlightenment.scm 
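Review bot: The comment above the `--with-*-prog` configure flags in the first udevil hunk still tells the user to add these programs to `setuid-programs`, while the matching comment in `patch-udevil-reference` in the second hunk was updated to `privileged-programs`; the first should follow. Since the flags now point at `/run/privileged/bin`, I would reword it as `;; The user has to add losetup and setfacl to privileged-programs manually;` followed by `;; mount and umount are privileged by default on Guix System.` Naming the two helpers that the existing comment implies are not in the default set makes it explicit that giving them root privileges is a deliberate administrator decision. The argument list begins outside the hunk.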
@@ -149,8 +149,8 @@ "-Dbuild-examples=false" "-Decore-imf-loaders-disabler=scim" "-Dglib=true" - "-Dmount-path=/run/setuid-programs/mount" - "-Dunmount-path=/run/setuid-programs/umount" + "-Dmount-path=/run/privileged/bin/mount" + "-Dunmount-path=/run/privileged/bin/umount" "-Dnetwork-backend=connman" ,,@(if (member (%current-system) (package-transitive-supported-systems luajit)) @@ -338,7 +338,7 @@ Libraries with some extra bells and whistles.") (substitute* '("src/bin/e_sys_main.c" "src/bin/e_util_suid.h") (("PATH=/bin:/usr/bin:/sbin:/usr/sbin") - (string-append "PATH=/run/setuid-programs:" + (string-append "PATH=/run/privileged/bin:" "/run/current-system/profile/bin:" "/run/current-system/profile/sbin"))) (substitute* "src/modules/everything/evry_plug_calc.c" @@ -347,8 +347,8 @@ Libraries with some extra bells and whistles.") (("libddcutil\\.so\\.?" libddcutil) (string-append ddcutil "/lib/" libddcutil))) (substitute* "data/etc/meson.build" - (("/bin/mount") "/run/setuid-programs/mount") - (("/bin/umount") "/run/setuid-programs/umount") + (("/bin/mount") "/run/privileged/bin/mount") + (("/bin/umount") "/run/privileged/bin/umount") (("/usr/bin/eject") "/run/current-system/profile/bin/eject")) (substitute* "src/bin/system/e_system_power.c" (("systemctl") "loginctl")))))))) diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index 88e647dd65..010bf2f275 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -8984,7 +8984,7 @@ library.") "--localstatedir=/var" (string-append "-Ddefault-path=" - (string-join '("/run/setuid-programs" + (string-join '("/run/privileged/bin" "/run/current-system/profile/bin" "/run/current-system/profile/sbin") ":")) diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 8ca1df1185..b6f8ed543b 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm 
@@ -5386,7 +5386,7 @@ thanks to the use of namespaces.") (substitute* (find-files "libexec/cli" "\\.exec$") (("\\$SINGULARITY_libexecdir/singularity/bin/([a-z]+)-suid" _ program) - (string-append "/run/setuid-programs/singularity-" + (string-append "/run/privileged/bin/singularity-" program "-helper"))) ;; These squashfs mount options are apparently no longer diff --git a/gnu/packages/lxde.scm b/gnu/packages/lxde.scm index 0291f50302..1a969eb4b5 100644 --- a/gnu/packages/lxde.scm +++ b/gnu/packages/lxde.scm @@ -372,26 +372,23 @@ with freedesktop.org standard.") (substitute* '("mime-type/mime-type.c" "ptk/ptk-file-menu.c") (("/usr(/local)?/share/mime") mime))) #t))) - (add-after 'patch-mime-dirs 'patch-setuid-progs + (add-after 'patch-mime-dirs 'patch-privileged-programs (lambda _ - (let* ((su "/run/setuid-programs/su") - (mount "/run/setuid-programs/mount") - (umount "/run/setuid-programs/umount") - (udevil "/run/setuid-programs/udevil")) + (let ((privileged (lambda (command) + (string-append "/run/privileged/bin/" + command)))) (with-directory-excursion "src" (substitute* '("settings.c" "settings.h" "vfs/vfs-file-task.c" "vfs/vfs-volume-hal.c" "../data/ui/prefdlg.ui" "../data/ui/prefdlg2.ui") - (("(/usr)?/bin/su") su) - (("/(bin|sbin)/mount") mount) - (("/(bin|sbin)/umount") umount) - (("/usr/bin/udevil") udevil))) + (("(/usr)?/s?bin/(mount|umount|su|udevil)" _ _ command) + (privileged command)))) #t))) - (add-after 'patch-setuid-progs 'patch-spacefm-conf + (add-after 'patch-privileged-programs 'patch-spacefm.conf (lambda* (#:key inputs #:allow-other-keys) (substitute* "etc/spacefm.conf" (("#terminal_su=/bin/su") - "terminal_su=/run/setuid-programs/su") + "terminal_su=/run/privileged/bin/su") (("#graphical_su=/usr/bin/gksu") (string-append "graphical_su=" (search-input-file inputs "/bin/ktsuss"))))))) diff --git a/gnu/packages/monitoring.scm b/gnu/packages/monitoring.scm index ad9af078eb..6325c9b96f 100644 --- a/gnu/packages/monitoring.scm 
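Review bot: The consolidated pattern `(/usr)?/s?bin/(mount|umount|su|udevil)` in spacefm's `patch-privileged-programs` phase matches more than the four clauses it replaces: it now also rewrites `/sbin/su`, `/usr/sbin/mount` and `/bin/udevil`, for instance, so this hunk is a behaviour change inside a rename commit. Like the old `(/usr)?/bin/su` clause it has no right-hand boundary, so any longer program name beginning with one of the four words would be redirected to `/run/privileged/bin` with its tail kept. If the widening is intended, say so in the phase, e.g. `;; Matches /bin, /sbin, /usr/bin and /usr/sbin alike; broader than the old per-program clauses.` Renaming the phases to `patch-privileged-programs` and `patch-spacefm.conf` would also break any `modify-phases` elsewhere that refers to the old names; none is visible here.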
+++ b/gnu/packages/monitoring.scm @@ -186,7 +186,7 @@ etc. via a Web interface. Features include: "src/zabbix_server/server.c") ;; 'fping' must be setuid, so look for it in the usual location. (("/usr/sbin/fping6?") - "/run/setuid-programs/fping"))))) + "/run/privileged/bin/fping"))))) (build-system gnu-build-system) (arguments (list #:configure-flags diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm index c54e991a39..8702a7390c 100644 --- a/gnu/packages/virtualization.scm +++ b/gnu/packages/virtualization.scm @@ -846,7 +846,7 @@ firmware blobs. You can ;; hard coded PATH. Patch so it works on Guix System. (substitute* "src/Ganeti/Constants.hs" (("/sbin:/bin:/usr/sbin:/usr/bin") - "/run/setuid-programs:/run/current-system/profile/sbin:\ + "/run/privileged/bin:/run/current-system/profile/sbin:\ /run/current-system/profile/bin")))) (add-after 'bootstrap 'patch-sphinx-version-detection (lambda _ diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm index 4c12835b24..554f0012bb 100644 --- a/gnu/packages/xdisorg.scm +++ b/gnu/packages/xdisorg.scm @@ -2710,7 +2710,7 @@ temperature of the screen.") '(#:configure-flags '("--with-pam-service-name=login" "--with-xkb" - "--with-default-authproto-module=/run/setuid-programs/authproto_pam"))) + "--with-default-authproto-module=/run/privileged/bin/authproto_pam"))) (native-inputs (list pandoc pkg-config)) (inputs -- cgit v1.2.3